- Bootstrap / Installation
- Testing / CLI Access
- Database
- uncloud clients access the database from a variety of outside hosts
- So the PostgreSQL database needs to be remotely accessible
- Instead of exposing the TCP socket, we make PostgreSQL bind to localhost via IPv6
- Then we remotely connect to the database server with ssh tunneling
- Configuring your database for SSH based remote access
- URLs
- uncloud Products
- VPN
- How to add a new VPN Host
- Example of adding a VPN host at ungleich
- Example http commands / REST calls
- Creating a VPN pool
- Managing VPNNetworks
- Product and Product Children
- Identifiers
- VPN
Bootstrap / Installation
Setting up the database
Create the database
Due to the use of the JSONField, PostgreSQL is required. To get started, create a database and have it owned by the user that runs uncloud (usually "uncloud"):
```
bridge:~# su - postgres
bridge:~$ psql
postgres=# create role uncloud login;
postgres=# create database uncloud owner uncloud;
```
uncloud Products
VPN
Example of adding a VPN host at ungleich
TODO Create a new VPNPool on uncloud with
http command
```
http -a nicoschottelius:$(pass ungleich.ch/nico.schottelius@ungleich.ch) \
    http://localhost:8000/admin/vpnpool/ network=2a0a:e5c1:200:: \
    network_size=40 subnetwork_size=48 \
    vpn_hostname=vpn-2a0ae5c1200.ungleich.ch wireguard_private_key=…
```
Example http commands / REST calls
creating a new vpn pool
```
http -a nicoschottelius:$(pass ungleich.ch/nico.schottelius@ungleich.ch) \
    http://localhost:8000/admin/vpnpool/ \
    network_size=40 subnetwork_size=48 network=2a0a:e5c1:200:: \
    vpn_hostname=vpn-2a0ae5c1200.ungleich.ch wireguard_private_key=$(wg genkey)
```
Creating a VPN pool
```
http -a uncloudadmin:$(pass uncloudadmin) https://localhost:8000/v1/admin/vpnpool/ \
    network=2a0a:e5c1:200:: network_size=40 subnetwork_size=48 \
    vpn_hostname=vpn-2a0ae5c1200.ungleich.ch wireguard_private_key=$(wg genkey)
```
This will create the VPNPool 2a0a:e5c1:200::/40 from which /48 networks will be used for clients.
VPNPools can only be managed by staff.
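The pool arithmetic described above, as an added example in Python (not uncloud's own code): it splits the 2a0a:e5c1:200::/40 pool into /48 client networks and returns the lowest one that does not overlap an already assigned network. The function names and the list of used networks are assumptions made for illustration.

```python
import ipaddress


class PoolExhausted(Exception):
    """Raised when every subnetwork in the pool is already assigned."""


def make_pool(network, network_size):
    # strict=True rejects a pool address with host bits set, i.e. a
    # network= value that is not aligned to network_size.
    return ipaddress.IPv6Network(f"{network}/{network_size}", strict=True)


def next_free_subnet(pool, subnetwork_size, used):
    """Return the lowest client network of subnetwork_size not in `used`."""
    if not pool.prefixlen <= subnetwork_size <= 128:
        raise ValueError("subnetwork_size must lie between pool size and 128")
    taken = {ipaddress.IPv6Network(u) for u in used}
    for candidate in pool.subnets(new_prefix=subnetwork_size):
        # Skip candidates that overlap any assigned network, not only
        # exact matches, so no client is handed a network that contains
        # or sits inside someone else's.
        if not any(candidate.overlaps(t) for t in taken):
            return candidate
    raise PoolExhausted(f"no free /{subnetwork_size} left in {pool}")


# Values from the VPNPool call above; `used` is constructed sample data.
POOL = make_pool("2a0a:e5c1:200::", 40)
used = ["2a0a:e5c1:200::/48", "2a0a:e5c1:201::/48"]

if __name__ == "__main__":
    print(POOL.num_addresses // 2 ** (128 - 48), "client networks in", POOL)
    print("next free:", next_free_subnet(POOL, 48, used))
```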
Managing VPNNetworks
To request a network as a client, use the following call:
```
http -a user:$(pass user) https://localhost:8000/v1/net/vpn/ \
    network_size=48 \
    wireguard_public_key=$(wg genkey | tee privatekey | wg pubkey)
```
VPNNetworks can be managed by all authenticated users.
* Developer Handbook
The following sections describe decisions / architecture of
uncloud. These chapters are intended to be read by developers.
** Documentation
This documentation is written in org-mode. To compile it to
html/pdf, just open emacs and press *C-c C-e l p*.
** Models
*** Bill
Bills summarise usage in a specific timeframe. Bills usually
span one month.
*** BillRecord
Bill records are used to model the usage of one order during the
timeframe.
*** Order
Orders register the intent of a user to buy something. They might
refer to a product. (???)
Orders register the one time price and the recurring price. These
fields should be treated as immutable. If they need to be modified,
a new order that replaces the current order should be created.
**** Replacing orders
If an order is updated, a new order is created and points to the
old order. The old order stops one second before the new order
starts.
Whether an order has been replaced can be seen from its replaced_by count:
#+BEGIN_SRC python
>>> Order.objects.get(id=1).replaced_by.count()
1
#+END_SRC
Identifiers
Approach 1: integers
Integers are somewhat easy to remember, but they grow predictably, which might allow objects to be accessed by guessing their identifiers (obviously, proper permissions should prevent this).
Approach 3: IPv6 addresses
uncloud heavily depends on IPv6 in the first place. uncloud could use a /48 to identify all objects. Objects that have IPv6 addresses of their own don't need to draw from the system /48.
Possible Subnetworks
Assuming uncloud uses a /48 to represent all resources:

| Network | Name | Description |
|---|---|---|
| 2001:db8::/48 | uncloud network | All identifiers drawn from here |
| 2001:db8:1::/64 | VM network | Every VM has an IPv6 address in this network |
| 2001:db8:2::/64 | Bill network | Every bill has an IPv6 address |
| 2001:db8:3::/64 | Order network | Every order has an IPv6 address |
| 2001:db8:5::/64 | Product network | Every product (?) has an IPv6 address |
| 2001:db8:4::/64 | Disk network | Every disk is identified |